Lighting a match in the dark web


This is obviously not dark web-related, but from time to time, I like to switch it up. Those of you who frequent 4chan or watch Nightmare Expo may have heard of a phenomenon called #translategate, in which Google Translate gives some very strange responses if you enter things in a certain way.

Essentially, if you set Google Translate to “Somali,” and then enter two-character bits of text, including English words broken up into two-character fragments, you’ll not only get some odd (and creepy) translations, but the A.I. seems to be unintentionally revealing bits of personal information that belong to people using services connected to their Google accounts (like Disqus).

I experimented with this yesterday, and the glitch hasn’t been fixed – it’s in full form.

For instance, I typed in things like “li li li li li li li li li,” and “le le le le le le le,” and all kinds of strange “translations” came up as results. In fact, some of them definitely weren’t translations at all. They appeared to be (as I said above) pieces of information from other Google services…

I like creepy stuff as much as the next guy (in case you couldn’t tell), but this could also be a potential breach of privacy, particularly if the “glitch” is revealing someone’s information. Let’s experiment, shall we?

Just now, I typed in “li li li li li li li” and “le le le le le” many times, and some of the results included the following:

“beposest in the world of such as such as in the world of such as in the world, such as in the world, such as to the world, such as in the world, such as to the sum of the sum of, the sum of the sum of, the sum of the sum, the sum of the sum, the sum of the sum, the sum of the sum, the sum of the sum, the sum of the sum.”

“far as you are, you will not be surprised if you are just like you are, or just like all those who are just like us. If you are just like us?”

“About Contact us we have said that’s a long way Which is a great deal! Find a post office eg weeg tool About our:”

“What are you looking for? It is also important for you to be able to enjoy the luxury of fresh fruits and vegetables, such as l”

The responses I highlighted in red seem the most peculiar. For instance, the “About Contact us” one seems to be text from a website, doesn’t it? As for the one above, it’s in Somali, which is strange because I had selected “English” as the language to translate to.

Some of the creepiest translations (which Nightmare Expo mentions) appear when the translate bot interprets your input as “Filipino”; they almost sound like subliminal messages (and this wasn’t the only one):

So what do I make of all this? I’m not exactly sure what’s going on, but part of the issue seems to be related to machine learning (which Nightmare Expo mentions in the video). The Translate bot has a database of learned translations and responses, which it often pulls translations from.

It may be that when it’s attempting to pull information from the database, it’s accidentally retrieving information from other databases instead. That’s just a guess.

Lately, the subject of internet censorship has been on my mind a lot, and that shouldn’t be surprising, given this whole net neutrality debate.

So, I was intrigued when a friend introduced me to OpenNIC, which aims to be an alternative, decentralized DNS root.

OpenNIC is a user-owned and controlled top-level network information center (NIC). Its intention is to offer an alternative to established top-level domain (TLD) registries, like ICANN. The list of servers can be found here: OpenNIC Public Servers

The idea behind it, in a nutshell, is like a decentralized internet, somewhat like ZeroNet or Freenet, although OpenNIC hasn’t quite been developed to that point yet. I’m sure if you get into the technical details, they’re quite different – it’s the “decentralized” concept that they have in common.

Actually, this may interest some of you – I know how people like to access unusual TLD names that aren’t part of the usual registry. Well, you can do that with OpenNIC! Among the top-level domains available through OpenNIC are: .bbs, .chan, .cyb, .dyn, .geek, and .pirate. Just those domain names alone make me want to explore this further!

Here’s a list of the current TLDs available on OpenNIC (see OpenNIC – Wikipedia for more info):

…and a few others, which are listed on the Wikipedia article. If you’re interested in discovering some of these sites, check out their search engine grep.geek; at the moment, you could say it’s the “OpenNIC Google.”

Now, like Tor, it may be hard to navigate at first, but that’s part of the fun I’m having with it, personally – just exploring. I have noticed that, as on Tor, a lot of the sites go down frequently, but that doesn’t really bother me anymore. So, let me guess – you’re wondering if there are any “disturbing” links on it?

I’ve come across very few so far, but if I find others, I’ll let you know. There was an interesting site called url.oz, which featured the art of Alex Milea:

Would you consider that disturbing? There was also a site for an organization called Nationalist Front, which is a white supremacy (or is it “alt-right”?) group.

That didn’t surprise me all that much, because there are similar sites on Tor, Freenet, etc., that I’ve come across. Complain all you want, but I’m not linking to that one – it’s easy to find if you join the network.

One other site that I found interesting was called Anarplex, which is at shadowlife.bit. It’s a site involving “crypto-tribes, phyles, crypto-anarchy, [and] agorism.” I had been on their onion site (y5fmhyqdr6r7ddws.onion) before as well, and it had always intrigued me.

Anyway, as I’m fond of saying, disturbing sites aren’t really the point, and they never were. As with Tor and the other networks, the idea behind OpenNIC is to have an independent “internet” that isn’t controlled by ISPs and large corporations.

Oddly, all the people who are obsessed with things like “Marianas Web” might want to check this out – it’s kind of the same idea, being that it’s not part of “the internet” and is run independently.

A friend of mine recently introduced me to a program called Maltego, made by the South African security company Paterva – and if you use it, it may frighten you. It’s actually been around for a few years, but I only started using it this week.

If it sounds unfamiliar, Maltego is a data mining and pentesting tool that finds relationships between information found on different internet sources. Its “map” of data looks exactly like this:

So yeah, I’m sort of telling you about the “real me” here. Each dot on that graph represents places online that Maltego connected to you in one way or another. This may be via your email address, IP address or via an “alias” that you used in more than one place. As an example, if you use the username “aisettagess” on more than one website or service, it will find that!

Interestingly, some of the data that it found out about me was via Have I been pwned?, which I mentioned in an earlier post. Likely what happened was that the pwned site scanned for data on numerous sites, and then kept some of that information, so it was available to Maltego. If you consider using that site, keep in mind that it will probably log some data about you, unless you request otherwise.

Just so that I don’t dox a real person, let’s create a fictitious online user with Fake Name Generator.

David A. Bass
879 Burning Memory Lane
Tullytown, PA 19007

Mother’s maiden name: Scott
SSN: 192-42-XXXX

Email address: ftjaqxpl@sharklasers.com (thanks, GuerrillaMail!)

You get the idea. So, using Mr. Bass’ info there, let’s have Maltego gather data on him. It figures out what web servers he’s using, what top level domains he uses, what email servers he sends messages from, etc.

After gathering all this data, it combines it all into a graph like the one above, to get a complete picture. It also has a command line tool, but for the purpose of this post, I’m using the GUI version.

If you click on the green dots on your graph, it will show you the information tied to your various online aliases. Let’s say Mr. Bass there uses the following usernames: PennMan988, AllAboutThatBass859, and DBass1. And let’s say he has these email addresses: ftjaqxpl@sharklasers.com (the one above), and dbass345@guerrillamail.com.

Maltego will find any social media profiles or sites on which David used those email addresses – made even easier if he filled out his real name on the site. The graph illustrates using this key:

Plus, based on information available online, it may figure out your relatives, employment history, average annual income, phone numbers, and even location. By the way, if you want more technical information about Maltego, Concise Courses did a great writeup on it – I suggest you check this out.

So why is this useful? Well, as I’d said in some other recent posts, if any of this information isn’t the kind of thing that you want to be available online, then you can now do something about it.

If you want to delete your profiles (or at least certain information) from any of these websites, take the opportunity and do it.

And for the future, consider what kind of information you’re putting out there before you do so.

By the same token, there’s a good chance that advertisers have also mined and sold your personal data – be that your name, address, phone number, or something else. This article from Lifehacker, though it came out in 2013, has a list of some of the major companies that may have sold your data: The Top 50 Companies That Mine And Sell Your Data (and How to Opt Out).

Of course, this is only one site, but it does seem to be very comprehensive, and covers a lot of the data broker sites. If you have time, I suggest going through each one and having your name removed, if necessary.

Granted, if this sort of thing doesn’t matter to you, then don’t worry about it. The reason I mention it at all is that if you don’t want unscrupulous people to get hold of your personal information, it’s best to remove it, if at all possible.

I say this knowing that today is the social media age, where people constantly post selfies and videos of themselves doing who-knows-what, including pictures of themselves having sex. Which I would never do…really!

Anyhow, if this is something that concerns you, check these sites out. It may be creepy what you find.

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on it much.

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.

The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whoever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic, that defeats the whole purpose!

In fact, even onion.cab itself – the proxy service, that is – warns users when they first try to access a site this way:

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

If you visit https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects piwik analytics code into the page, which looks something like this:

So why should you care? Well, the proxy service that injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code in your browser that the operator of the original site is unaware of.
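One way to check for this kind of injection yourself is to compare the script elements in the page as served over Tor with the copy served by the proxy. This is an added example, not code from onion.cab or from the original post; the two sample pages, the hostnames and the tracker snippet are constructed.

```python
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Record every <script> element: external ones by src, inline ones by body."""
    def __init__(self):
        super().__init__()
        self.scripts = []   # ("src", url) or ("inline", source text)
        self._buf = None    # list of text chunks while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append(("src", src))
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append(("inline", "".join(self._buf).strip()))
            self._buf = None

def scripts_in(html):
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return collector.scripts

def injected_scripts(origin_html, proxied_html):
    """Scripts in the proxied copy that the origin copy does not contain."""
    known = set(scripts_in(origin_html))
    return [s for s in scripts_in(proxied_html) if s not in known]

# Constructed sample pages; hostnames and script bodies are made up.
ORIGIN = """<html><head><title>Example hidden service</title>
<script src="/static/site.js"></script></head>
<body><h1>Hello</h1></body></html>"""

PROXIED = ORIGIN.replace("</body>", """<script>
var _paq = _paq || []; _paq.push(['trackPageView']);
</script><script src="//stats.proxy.example/piwik.js"></script></body>""")

if __name__ == "__main__":
    for kind, value in injected_scripts(ORIGIN, PROXIED):
        print(kind, value)
```

Only scripts are compared because a proxy also rewrites links in the body, so a full-page diff would be noisy even without injection.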

Within the code, some of the information that it can discover about you is:

The title of the page you’re viewing

An ID for the site

The time that you made the request

The exact URL you were looking at

The page that sent you to that URL

Details of which plugins you have installed

Whether cookies are enabled

Your screen resolution

A unique ID for you
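Each item in that list travels as a query parameter on the request the tracker sends to its collector, using the Piwik (now Matomo) Tracking HTTP API names. This added example (not from the original post) picks the tracking beacon out of a constructed list of requested URLs and decodes it; every hostname and value in the sample is made up.

```python
from urllib.parse import urlsplit, parse_qs

# Piwik/Matomo Tracking HTTP API parameter -> item in the list above
FIELDS = {
    "action_name": "page title",
    "idsite": "site ID",
    "url": "URL viewed",
    "urlref": "referring page",
    "cookie": "cookies enabled",
    "res": "screen resolution",
    "_id": "visitor ID",
}
PLUGINS = ("fla", "java", "dir", "qt", "realp", "pdf", "wma", "gears", "ag")

def decode_beacon(url):
    """Return what one request discloses, or None if it is not a tracking beacon."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if not parts.path.endswith("piwik.php") or "idsite" not in q:
        return None
    out = {"collector": parts.netloc}
    out.update({label: q[k] for k, label in FIELDS.items() if k in q})
    if all(k in q for k in ("h", "m", "s")):   # visitor's local clock
        out["request time"] = ":".join(q[k].zfill(2) for k in ("h", "m", "s"))
    out["plugins"] = sorted(p for p in PLUGINS if q.get(p) == "1")
    return out

def beacons(request_urls):
    """Filter a list of requested URLs down to decoded tracking beacons."""
    return [b for b in map(decode_beacon, request_urls) if b is not None]

# Constructed request log (for example, URLs copied from a browser's network panel).
REQUESTS = [
    "https://proxy.example/forum/thread-42",
    "https://stats.proxy.example/piwik.js",
    "https://stats.proxy.example/piwik.php?idsite=1&rec=1"
    "&action_name=Example%20forum&url=https%3A%2F%2Fproxy.example%2Fforum%2Fthread-42"
    "&urlref=https%3A%2F%2Fproxy.example%2Fforum&h=21&m=5&s=9"
    "&_id=0123456789abcdef&res=1920x1080&cookie=1&pdf=1&fla=1&java=0",
]

if __name__ == "__main__":
    for beacon in beacons(REQUESTS):
        for label, value in beacon.items():
            print(f"{label}: {value}")
```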

Alternately, this third party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

This seems to be a very frequently asked question, and on many sites, people will tell you that you should use a VPN with Tor, for “extra protection.”

Based on my research, however, I disagree – and this seems to be an unpopular opinion. One reference I’d like to cite is a blog post by Matt Traudt, a.k.a. system33-, who is someone I respect with regard to Tor. The post in question is VPN + Tor: Not Necessarily a Net Gain.

One of the points he brings up here is the following:

Tor is trustless, a VPN is trusted. Users don’t have to trust every Tor relay that they use in order to stay safe with Tor. As long as the right ones aren’t compromised, working together, or otherwise malicious, the user stays protected.

This is the main problem with insisting on combining Tor and a VPN. VPNs can keep logs of your activity online (though some claim not to), whereas Tor does not.

However, using a VPN can hide your Tor usage from your ISP, especially if said ISP is suspicious of Tor.

The Tin Hat, on their post Tor And VPN – Using Both for Added Security, also makes the point that “Where this setup fails is at hiding your traffic from a malicious Tor exit node. Because the traffic goes through the VPN, and then to the Tor network, exit nodes can still watch your traffic unencrypted.”

My preference, personally, is to use a Linux distribution with Tor, like Tails or Qubes, or for the more advanced, Arch Linux or Manjaro Linux. These, of course, take time to learn and won’t do everything for you, but they are designed for security. While this doesn’t mean they are vulnerability-free, they can improve your protection, particularly if you understand their ins and outs.

Oddly enough, I haven’t “contracted” any malware via the dark web – at least not to my knowledge. This has happened more often on the clearnet, ironically. Maybe it’s because I don’t download mysterious files or install programs that I find randomly on networks like Tor.

I’m paranoid that way.

What about you, readers? What OSes do you prefer to use (specifically in combination with Tor, I2P, Freenet, etc.)?

In the meantime, enjoy your dark web adventures, my friends – and please research any VPN or other “privacy” software before trusting it blindly.

I forget exactly where I found this link – I think it was either Electronic Frontier Foundation or Privacy Tools – but it’s a list of supposedly anonymous proxy servers, generated by a set of particular search engine terms:

+":8080" +":3128" +":80" filetype:txt

This returns results for lists of proxy servers that use ports 8080, 3128, and 80, which are apparently more anonymous than average proxies.

You’ll get different results if you use different search engines, too:

Even so, as I mentioned in a few earlier posts, this all depends on whether you trust proxies at all. Which is why I haven’t used any of these, personally.

It’s similar to using a VPN in combination with Tor. Are you really anonymous when doing this? That depends on whether or not you trust your VPN provider! By the same token, it’s very risky to use certain proxies, unless you know what data the proxy server is collecting about you. Never mind the fact that .txt documents can contain malware (just as some PDFs on Tor do). Read Should You Trust Any Proxy? to find out a little more.

Regardless, it’s an interesting experiment to try Googling this, even if you don’t decide to use the proxy services themselves. Most of the sites look like this:

While the idea of “anonymous proxy server” sounds great, in theory, they could be just like malicious Tor exit nodes – intending to steal data or worse.